[ros-diffs] [reactos] 01/01: [NTOS] Fix a bug in the PE loader, which caused images to be loaded up to MmHighestUserAddress, thus overwriting the shared user page.

[Timo Kreuzer]

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=56da95671ce87fc3c9fffbf33f411759ce330e49

commit 56da95671ce87fc3c9fffbf33f411759ce330e49
Author:     Timo Kreuzer <timo.kreu...@reactos.org>
AuthorDate: Mon Oct 21 00:36:14 2019 +0200
Commit:     Timo Kreuzer <timo.kreu...@reactos.org>
CommitDate: Sat Oct 26 21:38:13 2019 +0200

    [NTOS] Fix a bug in the PE loader, which caused images to be loaded up to 
MmHighestUserAddress, thus overwriting the shared user page.
    
    This is now fixed by using MM_HIGHEST_VAD_ADDRESS as the margin instead.
    Should fix CORE-11717
---
 ntoskrnl/mm/section.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index 1d7a043c2a1..8278226b074 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -4579,11 +4579,11 @@ MmMapViewOfSection(IN PVOID SectionObject,
         ImageSectionObject->ImageInformation.ImageFileSize = (ULONG)ImageSize;
 
         /* Check for an illegal base address */
-        if (((ImageBase + ImageSize) > (ULONG_PTR)MmHighestUserAddress) ||
+        if (((ImageBase + ImageSize) > (ULONG_PTR)MM_HIGHEST_VAD_ADDRESS) ||
                 ((ImageBase + ImageSize) < ImageSize))
         {
             ASSERT(*BaseAddress == NULL);
-            ImageBase = ALIGN_DOWN_BY((ULONG_PTR)MmHighestUserAddress - 
ImageSize,
+            ImageBase = ALIGN_DOWN_BY((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - 
ImageSize,
                                       MM_VIRTMEM_GRANULARITY);
             NotAtBase = TRUE;
         }